Pegasus by Jacques Gascuel: This article will be updated with any new information on the topic.
Pegasus: The Cost of Spying
Pegasus is a powerful spyware that has been used by several countries to spy on political figures, journalists, human rights activists or opponents. How does it work, who has been spied on, what are the consequences, and how much does it cost? Find out in this article.
Articles Digital Security EviCore NFC HSM Technology EviPass NFC HSM technology NFC HSM technology
November 27, 2023
2023 Articles DataShielder Digital Security EviCore NFC HSM Technology EviCypher NFC HSM EviCypher Technology NFC HSM technology
November 23, 2023
Articles Compagny spying DataShielder Digital Security Industrial spying Military spying NFC HSM technology Spying Technical information Zero trust
October 23, 2023
Articles Cybersecurity Digital Security Spying
October 19, 2023
2023 Articles DataShielder Digital Security Military spying News NFC HSM technology Spying
October 17, 2023
Articles Digital Security
October 10, 2023
Articles Digital Security
October 4, 2023
Articles Digital Security NFC HSM technology Technical information
October 3, 2023
Pegasus: The Cost of Spying with the Most Powerful Spyware in the World
Pegasus is a spyware developed by the Israeli company NSO Group. It allows to remotely monitor the activities of a mobile phone. According to an investigation conducted by a consortium of international media, several countries have used this software to spy on political figures, journalists, human rights activists or opponents.
The scandal of Pegasus has provoked a global outcry. It has raised many questions about the legality, the ethics and the consequences of this cyber-surveillance. How does Pegasus work? Who has been spied on by Pegasus? Who is responsible for the spying? What are the consequences of the spying? And most importantly, how much does Pegasus cost?
In this article, we will try to answer these questions in detail. We will use reliable and verified sources of information. We will also present some statistics and comparisons to give you an idea of the scale and the impact of Pegasus.
What is Pegasus?
Pegasus is a spyware, also called spy software. It allows to remotely monitor the activities of a mobile phone. It can access the messages, the calls, the contacts, the photos, the videos, the location, the microphone or the camera of the target phone. It can also activate or deactivate certain functions of the phone, such as Wi-Fi or Bluetooth.
Pegasus: a spyware that raises many questions
Pegasus is a powerful spyware that the NSO group designed. It can monitor and steal data and activities from mobile phones secretly. The NSO group is an Israeli company founded in 2010 by former members of Unit 8200; the Israeli military intelligence service. The company claims that its software aims to fight terrorism and organized crime; such as pedophiles or cartel leaders. It also claims that it only sells it to governments or authorized security agencies; with the approval of the Israeli Ministry of Defense. The countries that acquire these systems must respect their commitments stipulated in the license.
However, a consortium of international media outlets revealed that many countries have used Pegasus for other purposes. They have monitored various people, including politicians, journalists, human rights activists and political opponents. This raises many questions about the protection of privacy and human rights in the digital age. It also exposes the vulnerabilities and challenges of cybersecurity in a world where surveillance technologies are becoming more powerful and discreet.
Pegasus works by exploiting security flaws in the operating systems of phones, such as iOS or Android. It can infect a phone in two ways: either by sending a malicious link to the target phone, which must click on it to be infected; or by using a technique called “zero-click”, which allows to infect a phone without any interaction from the user.
Pegasus is a very sophisticated and discreet software. It can self-destruct or camouflage itself to avoid being detected. It can also adapt to security updates of operating systems to continue working. According to NSO Group, Pegasus is able to target more than 50,000 phone numbers in the world.
Unveiling Pegasus Attack Vectors: Stealth and Subterfuge in Cyber Espionage
In the Shadows of Cyber Espionage: Pegasus Strikes Unseen
In the realm of cyber espionage, Pegasus has mastered the art of covert infiltration, employing a spectrum of attack vectors designed to leave its targets unaware and defenseless. As a specialized journalist in the field of espionage, we delve into the clandestine world of Pegasus, shedding light on the methods it employs to breach digital fortresses.
Email: The Trojan Horse
Pegasus’s espionage campaign often commences with a seemingly innocuous email. The target receives a carefully crafted message, concealing a malicious payload. This deception operates with remarkable subtlety, bypassing traditional safeguards. Victims unknowingly execute the payload, granting Pegasus a foothold into their digital lives.
SMS Intrigue: Texts That Betray
SMS messages can become instruments of betrayal when wielded by Pegasus. Crafted to exploit vulnerabilities in messaging apps, these seemingly harmless texts harbor malicious intent. Clicking on a compromised message can be all it takes for Pegasus to silently infiltrate a device.
Web of Deceit: Navigating Vulnerabilities
Pegasus’s reach extends into the very fabric of the internet. Web browsers, portals to information and connectivity, can become gateways for intrusion. By exploiting unpatched browser vulnerabilities, Pegasus sidesteps user interaction, infiltrating systems silently.
WhatsApp’s Vulnerable Connection
Even encrypted platforms like WhatsApp are not impervious to Pegasus’s advances. The spyware capitalizes on vulnerabilities in this widely used messaging app. A simple call on WhatsApp can translate into a gateway for Pegasus’s covert surveillance.
Zero-Click: A Stealthy Intrusion
The pinnacle of Pegasus’s subterfuge is the “Zero-Click” attack vector. Unlike other methods, “Zero-Click” requires no user interaction whatsoever. It preys upon deep-seated operating system vulnerabilities. Pegasus slips in unnoticed, operating in the shadows, and evading all user alerts.
The Stealth Within Pegasus: An Unseen Hand
Pegasus’s ability to infiltrate devices without leaving a trace raises profound concerns regarding detection and defense. Victims may remain oblivious to their compromised status, and traditional security measures struggle to counteract this stealthy foe.
How Pegasus spied on the Catalan independence movement and the Spanish government
Pegasus, a powerful spyware designed by the NSO Group, has the capability to clandestinely monitor and steal data and activities from mobile phones. A consortium of international media outlets exposed the fact that numerous countries have employed Pegasus to conduct surveillance on various individuals, including political figures, journalists, human rights activists, and political opponents.
In Spain, the Pegasus scandal unfolded, implicating over 60 individuals associated with the Catalan independence movement. According to a report from Citizen Lab, Pegasus was utilized to target these individuals between 2017 and 2020. In an alarming twist, the Spanish government itself accused Pegasus of spying on its own officials in 2021.
The Catalan independence movement under surveillance
The Catalan independence movement represents a political and social endeavor that aims to secure Catalonia’s independence from Spain. This movement gained significant momentum in 2017 when the Catalan government conducted an unauthorized referendum on self-determination. In response, the Spanish government took action by suspending Catalonia’s autonomy and apprehending several of its leaders.
Citizen Lab’s report revealed that Pegasus had specifically targeted more than 60 individuals associated with the Catalan independence movement from 2017 to 2020. This list includes notable figures such as three presidents of the Generalitat of Catalonia: Artur Mas, Quim Torra, and Pere Aragonès. These individuals have taken legal action, filing a complaint against Paz Esteban and the NSO Group. Paz Esteban serves as the director of CNI, Spain’s intelligence service.
Additional alleged victims encompass Members of the European Parliament, lawyers, journalists, and activists. For example, Carles Puigdemont, the former president of Catalonia who sought refuge in Belgium following the referendum, was also subjected to Pegasus surveillance. The list further includes Roger Torrent, the former speaker of the Catalan parliament, and Jordi Cañas, a pro-union Member of the European Parliament.
The Spanish government under attack
The situation escalated in significance when the Spanish government disclosed that Pegasus had also surveilled its own officials in 2021. The government attributed this to an “external attack” but refrained from identifying the perpetrators. Various media outlets hinted at the possibility of Moroccan involvement, occurring against the backdrop of a diplomatic standoff between the two nations.
Prime Minister Pedro Sánchez and Defense Minister Margarita Robles were among the primary targets. In February 2021, while on an official visit to Morocco, their mobile phones fell victim to Pegasus infections8. This compromise allowed the spyware access to their messages, calls, contacts, photos, videos, location, microphone, and camera.
Additionally, Foreign Minister Arancha González Laya and Interior Minister Fernando Grande-Marlaska faced Pegasus surveillance in May 2021. This intrusion occurred during their management of a migration crisis in Ceuta, a Spanish enclave in North Africa that witnessed a mass influx of Moroccan migrants.
The outcry of the victims
Those who have potentially or definitively fallen victim to Pegasus expressed their outrage and concerns surrounding this spying scandal. They vehemently decried it as a grave infringement upon their fundamental rights and vociferously demanded both explanations and accountability. Furthermore, they sought access to the findings of the judicial investigation and the data collected by the spyware.
For example, Quim Torra expressed feeling “violated” and “humiliated” by the intrusive spying. He squarely pointed fingers at the Spanish state and demanded an apology from Prime Minister Sánchez. Torra also declared his intent to pursue legal action against NSO Group and CNI.
Likewise, Pedro Sánchez conveyed his profound worry and anger regarding the spying. He committed to seeking clarifications from Morocco and Israel while simultaneously reinforcing his government’s cybersecurity measures.
What are the consequences of the spying?
Spying by Pegasus inflicted severe consequences on the victims, as well as society and democracy. It violated the victims’ right to privacy, freedom of expression, freedom of information, and presumption of innocence. Additionally, it jeopardized the security, reputation, and well-being of the victims.
Pegasus’ spying activities also eroded trust and cooperation among various actors and institutions. It fostered an atmosphere of suspicion and hostility between Spain and Morocco, neighboring countries with historical and economic ties. Furthermore, it deepened divisions between Madrid and Barcelona, two regions with political and cultural distinctions. The spying undermined the credibility and legitimacy of the Spanish government and its intelligence service.
Moreover, Pegasus’ spying efforts raised awareness and concerns regarding the dangers and abuses of cyber-surveillance. It revealed the lack of control and accountability over the use of spyware by governments and private companies. The spying underscored the necessity for enhanced protection and regulation for human rights defenders, journalists, activists, and other vulnerable groups.
The cost of Pegasus by country: an estimation based on the available sources
NSO Group, an Israeli company specialized in cyber-surveillance, developed Pegasus, a spyware capable of infecting smartphones and accessing their data, including messages, photos, contacts, and location. Pegasus can also activate the microphone and camera of the phone, effectively turning it into a spying tool. But how much does it cost to use Pegasus? And which countries can afford it? This section will attempt to answer these questions based on the available information.
Firstly, the cost of using Pegasus depends on several factors, such as the number of phones targeted, the duration of surveillance, and the type of contract signed with NSO Group. According to The Guardian’s estimate, which relies on internal documents from NSO Group dating back to 2016, a license to monitor 50 smartphones cost 20.7 million euros per year at that time. Similarly, a license for monitoring 100 smartphones cost 41.4 million euros per year. It remains uncertain whether these prices have changed since 2016 or if NSO Group has offered discounts or rebates to certain clients.
Subsequently, the estimated cost of Pegasus by country derives from the number of phones targeted and the operation’s duration, using the average cost provided by The Guardian. These data are approximations and may vary depending on the sources. For instance, Saudi Arabia targeted approximately 15,000 numbers with Pegasus, according to Le Monde, but The Washington Post suggests a figure of 10,000. Likewise, Le Monde indicates that Morocco commenced using Pegasus in 2017, whereas Citizen Lab asserts it was in 2016.
Here is a summary table of the estimates of the cost of Pegasus by country:
Country |
Number of Phones Targeted |
Duration of Operation (years) |
Estimated Cost (in millions of euros) |
Spain |
60 |
6 |
248.4 |
Saudi Arabia |
10 000 |
5 |
2070 |
Azerbaijan |
5 000 |
4 |
828 |
Bahrain |
3 000 |
3 |
372.6 |
Kazakhstan |
1 500 |
2 |
124.2 |
Mexico |
15 000 |
2 |
1242 |
Morocco |
10 000 |
5 |
2070 |
Rwanda |
3 500 |
4 |
579.6 |
Hungary |
300 |
4 |
49.8 |
India |
1 000 |
3 |
124.2 |
United Arab Emirates |
10 000 |
5 |
2070 |
Finally, the total estimated cost of Pegasus for these ten countries would be about 10.5 billion euros over a period of five years.
The cost of Pegasus compared to other indicators
In addition to these estimates, we can also compare the cost of Pegasus with other indicators or expenditures, such as the average income or the budget of a country. This can help us to gain insight into the scale and impact of Pegasus.
For instance, according to Statista, Spain’s average annual income per capita in 2020 was $30,722. El País reported the budget of the Spanish Intelligence Agency (CNI) to be $331 million in 2020, while El Mundo stated that Catalonia’s budget was $40 billion in the same year.
Here is a summary table of the data:
Source |
Estimated Cost of Pegasus |
Le Monde |
$7 to $20 million per year for 50 to 100 smartphones |
TEHTRIS |
$9 million for 10 targets, $650,000 for a single target |
Alain Jourdan |
$500 million for Spain (Source credibility unclear) |
Average Income in Spain (2020) |
$30,722 per year |
Budget of CNI (Spanish Intelligence Agency, 2020) |
$331 million |
Budget of Catalonia (2020) |
$40 billion |
The table demonstrates that Pegasus costs are very high compared to other indicators or expenditures. For instance, according to our previous estimation in the preceding section, Spain would have expended about 248.4 million euros over six years to monitor 60 phones with Pegasus. This amount equals approximately 8 times the budget of the Spanish Intelligence Agency (CNI) in 2020 or about 6% of Catalonia’s budget in the same year. Furthermore, this sum is equivalent to about 8,000 times the average annual income per capita in Spain in 2020.
In conclusion comparison
This comparison highlights that Pegasus represents a significant expense for its users, funds that could have been allocated to other purposes or needs. Moreover, it emphasizes the disproportionate nature of Pegasus costs concerning its victims, often ordinary citizens or government employees.
Assessing the cost of Pegasus with certainty is challenging because it depends on several factors, such as the number of phones targeted, the duration of surveillance, and the type of contract NSO Group signed. To obtain a clearer and more comprehensive view of the cost and scope of Pegasus use, access to NSO Group’s and its clients’ internal data would be necessary.
Statistics on Pegasus: a glimpse into the scale and diversity of Pegasus espionage
NSO Group, an Israeli company specialized in cyber-surveillance, developed Pegasus, a spyware. Pegasus can infect smartphones and access their data, such as messages, photos, contacts, and location. Pegasus can also activate the microphone and camera of the phone, turning it into a spying tool.
But who are the victims of Pegasus? And how many are they? In this section, we will present some statistics based on the available data.
It is important to note that these statistics are not comprehensive, as a sample of 50,000 phone numbers selected by NSO Group’s clients as potential targets forms the basis for them. Forbidden Stories and Amnesty International obtained this sample and shared it with a consortium of media outlets that conducted an investigation. The actual number of Pegasus targets may be much higher, as NSO Group claims to have more than 60 clients in 40 countries.
According to The Guardian’s analysis of the sample:
- More than 1,000 individuals in 50 different countries have been confirmed as successfully infected with Pegasus.
- Over 600 politicians and government officials, including heads of state, prime ministers, and cabinet ministers, were identified as potential targets.
- More than 180 journalists working for prominent media outlets like CNN, The New York Times, Al Jazeera, or Le Monde were selected as potential targets.
- Over 85 human rights activists, including members of organizations like Amnesty International and Human Rights Watch, were identified as potential targets.
According to Le Monde’s analysis of the same sample:
- Morocco selected more than 15,000 individuals as potential targets between 2017 and 2019.
- Mexico selected over 10,000 potential targets between 2016 and 2017.
- Saudi Arabia selected more than 1,400 potential targets between 2016 and 2019.
- India selected over 800 potential targets between 2017 and 2019.
Here is a summary table of the key findings from both sources:
Data Source |
Key Findings |
The Guardian (Sample of 50,000 Numbers) |
Over:
- 1,000 infections in 50 countries
- 600 politicians and government officials targeted
- 180 journalists selected as potential targets
- 85 human rights activists identified as potential targets
|
Le Monde (Sample of 50,000 Numbers) |
Over:
- 15,000 potential targets in Morocco (2017-2019)
- 10,000 potential targets in Mexico (2016-2017)
- 1,400 potential targets in Saudi Arabia (2016-2019)
- 800 potential targets in India (2017-2019)
|
These statistics reveal Pegasus surveillance’s extensive reach and diversity, affecting a wide range of individuals and countries with varying motivations and interests. Moreover, they show that Pegasus surveillance has been ongoing for several years without anyone detecting or stopping it.
In conclusion, these statistics provide a glimpse into the scale and diversity of Pegasus espionage. However, they are not exhaustive and may not fully reflect the true extent of Pegasus surveillance. To have a clearer and more complete picture of the victims and the consequences of Pegasus, access to the internal data of NSO Group and its clients would be necessary.
Pegasus Datasheet: a summary of the features and capabilities of Pegasus spyware
Pegasus is a spyware developed by the Israeli company NSO Group, designed for remote monitoring of mobile phone activities. Pegasus can infect smartphones and access their data, such as messages, calls, contacts, photos, videos, location, microphone, and camera. Pegasus can also control some functions of the phone, such as enabling or disabling Wi-Fi, Bluetooth, and more. Pegasus can infect phones through different methods, such as malicious link delivery or the insidious “zero-click” technique, which does not require any user interaction. The duration and frequency of Pegasus surveillance depend on the contract signed with NSO Group, which can vary from client to client.
Below is a datasheet detailing Pegasus, including price estimates and periodicity:
CHARACTERISTIC |
VALUE |
ATTACK VECTOR |
Name |
Pegasus |
|
Developer |
NSO Group |
|
Type |
Spyware |
|
Function |
Remote monitoring of mobile phone activities |
|
Infection Method |
Malicious link delivery or the insidious “zero-click” technique |
Email, SMS, Web Browsing, WhatsApp, Zero-Click |
Data Access |
Messages, calls, contacts, photos, videos, location, microphone, camera |
|
Function Access |
Capable of enabling/disabling Wi-Fi, Bluetooth, and more |
|
Periodicity |
Varied, dependent on contract duration and frequency of updates |
|
Price Estimate |
$7 to $20 million per year for 50 to 100 smartphones |
Assessing the Pegasus Threat Level After Security Updates and Utilizing Anti-Pegasus Tools
Pegasus is a spyware that exploits security flaws in the operating systems of phones, such as iOS or Android. To reduce the level of threat of Pegasus, one of the ways is to update and patch these operating systems regularly, to fix the vulnerabilities that Pegasus can use.
How security updates can protect the devices from Pegasus
In September 2021, Apple released iOS 14.8 and macOS 11.6 as security updates to protect its devices from the zero-click exploit used by Pegasus. Citizen Lab discovered this exploit, called FORCEDENTRY, in August 2021. FORCEDENTRY allowed Pegasus to infect iPhones without any user interaction. Apple urged its users to install the updates as soon as possible to protect themselves from Pegasus.
Google also released security updates for Android devices in August 2021, according to Linternaute. These updates fixed several vulnerabilities that Pegasus or other spyware could exploit. Google did not specify if these vulnerabilities were related to Pegasus, but it advised its users to update their devices regularly to ensure their security.
However, updating and patching the operating systems may not be enough to prevent or detect Pegasus infections. Pegasus can adapt to security updates and use new exploits that security experts have not yet discovered or fixed.
How tools can scan and remove Pegasus or other spyware from the devices
Another way to reduce the level of threat of Pegasus is to use tools that can scan and remove Pegasus or other spyware from the devices.
Kaspersky suggests several tools that can help users protect themselves from Pegasus and other advanced spyware, such as:
- Antivirus software: this software can detect and remove malware from the devices, based on signatures or behavioral analysis. It can also block malicious links or attachments that may contain spyware.
- VPN software: this software can encrypt and secure the internet traffic of the devices, making it harder for spyware to intercept or modify the data. It can also hide the IP address and location of the devices, making it harder for spyware to target or track them.
- Anti-spyware software: this software can specifically detect and remove spyware from the devices, based on indicators or heuristics. It can also monitor and alert the users about any suspicious activity or change on their devices.
However, using these tools may not be enough either, as Pegasus can evade or disable them, or use stealth techniques to avoid detection or removal.
How DataShielder NFC HSM can protect the data and communications from Pegasus
DataShielder NFC HSM Defense: a solution against spyware
Another technology can help users protect themselves from Pegasus and other spyware. This is DataShielder NFC HSM Defense with EviCore NFC HSM, a solution that effectively fights against applications and spyware such as Pegasus. It is an alternative that secures contactless encryption and segmented key authentication system stored encrypted in NFC HSM. Thus, the secret keys are physically externalized and not accessible to the spyware. DataShielder NFC HSM Defense with EviCypher NFC HSM encrypts all types of sensitive data without ever logging the data unencrypted. The user can encrypt all types of data from his contactless phone in volatile memory, including Email, SMS, MMS, RCS, Chat, all messaging in general, all types of messaging, including satellite, without ever saving his texts unencrypted. DataShielder NFC HSM also works in air gap as well as on all types of NFC, Wifi, Bluetooth, Lan, Wan, Camera communication protocols that it encrypts end-to-end from NFC HSM
DataShielder NFC HSM Defense: additional features
In the Defense version of DataShielder NFC HSM, it integrates EviCall NFC HSM technology, which allows users to physically outsource phone contacts and make calls by automatically erasing the call histories of the phone, including encrypted and unencrypted SMS linked to that call number.
DataShielder NFC HSM also includes Evipass NFC HSM contactless password manager technology. It is therefore compatible with EviCore NFC HSM Browser Extension technology. In particular, it carries out all types of autofill and autologin operations. Thus, DataShielder NFC HSM not only allows you to connect by autofilling the traditional login and password identification fields on the phone, whether through applications or online accounts. But also also and on the types of online accounts (lan and wan), applications, software. DataShielder NFC HSM Defense also includes EviKeyboard BLE technology which also extends the use of keys greater than 256 bit. This virtual Bluetooth keyboard allows you to authenticate on the command line, on all types of home automation, electronic, motherboard bios, TMP2.0 key, which accepts the connection of a keyboard on a USB port. All these operations are end-to-end encrypted from NFC HSM up to more than 50 meters away via Bluetooth encrypted in AES-128.
To encrypt sensitive data from their phone, the user will do it from their secret keys only stored in their NFC HSM. They can also do it from their computer using the NFC HSM. This is possible thanks to the interoperability and backward compatibility of the DataShielder NFC HSM Defense ecosystem, which works independently but is interoperable on all Android computer and telephone systems with NFC technology. For example, users can encrypt files, photos, videos, and audio on their phones without ever exposing them to security breaches on the phone or computer.
This is the EviCypher NFC HSM technology dedicated to the encryption and management of AES 256 and RSA 4096 encryption keys.
Similarly, DataShielder also includes EviOTP NFC HSM technology, also in DataShielder NFC HSM Defense, which secures and manages OTP (TOTP and HOTP) secret keys.
Here are all the links : EviPass NFC HSM , EviOTP NFC HSM, EviCypher NFC HSM, EviCall NFC HSM, EviKeyboard BLE
DataShielder NFC HSM Defense vs Pegasus: a comparison table
Data |
Pegasus |
DataShielder NFC HSM Defense |
Messages, chats |
Can read and record them unencrypted |
Encrypts them end-to-end with keys physically externalized in the NFC HSM |
Phone contacts |
Can access and modify them |
Externalizes and encrypts them in the NFC HSM |
Emails |
Can intercept and read them |
Encrypts them with the OpenPGP protocol and signs them with the NFC HSM |
Photos |
Can access and copy them |
Encrypts them with the NFC HSM and stores them in a secure space |
Videos |
Can watch and record them |
Encrypts them with the NFC HSM and stores them in a secure space |
Encrypted messages scanned from the camera |
Can decrypt them if he has access to the encryption key |
Encrypts them with the NFC HSM and does not leave any trace of the encryption key |
Conversation histories from contacts stored in the NFC HSM |
Can access and analyze them |
Erases them automatically after each call or message |
Usernames and passwords |
Can steal and use them |
Externalizes and encrypts them in the NFC HSM with EviPass technology |
Secret keys of OTP |
Can compromise and impersonate them |
Externalizes them physically in the NFC HSM with EviOTP technology |
The level of threat of Pegasus in different cases
The level of threat of Pegasus depends on many factors, such as the type and version of the operating system, the frequency and quality of the updates and patches, the availability and effectiveness of the tools, and the behavior and awareness of the users. It is therefore difficult to measure it precisely or universally, as it may vary according to different scenarios and situations.
However, we can try to give some estimates or ranges of levels, based on assumptions or approximations. For example, we can use a scale from 1 (lowest) to 10 (highest) to indicate how likely it is for a device to be infected by Pegasus in different cases:
Case |
Level of threat |
A device with an outdated operating system that has not been updated for a long time |
9/10 |
A device with an updated operating system that has been patched recently |
5/10 |
A device with an updated operating system that has been patched recently and uses antivirus software |
3/10 |
A device with an updated operating system that has been patched recently and uses antivirus software and VPN software |
2/10 |
A device with an updated operating system that has been patched recently and uses antivirus software, VPN software, and anti-spyware software |
1/10 |
A device with an updated operating system that has been patched recently and uses DataShielder NFC HSM |
0/10 |
Latest affairs related to Pegasus
Since the revelations of Forbidden Stories and Amnesty International in July 2021, several new developments have occurred in relation to Pegasus spying. Here are some of them:
- October 2023, The former head of the Spanish intelligence services has been charged with spying on the regional president of Catalonia, Pere Aragonès, using the Pegasus software, the Spanish justice announced on Monday. Paz Esteban, who was dismissed last year by the government of Pedro Sánchez after the scandal broke out, has been summoned by the Barcelona judge in charge of the case on December 131. The judge said that the facts reported by the moderate separatist leader have the “characteristics” of “possible criminal offenses such as illegal wiretapping and computer espionage
- In October 2021, Paz Esteban López, the former head of CNI, was charged with crimes against privacy and misuse of public funds for allegedly ordering the spying on Catalan politicians with Pegasus. She is the first high-ranking official to face legal consequences for using Pegasus in Spain.
- In September 2021, NSO Group announced that it was temporarily suspending its services to several government clients after being accused of facilitating human rights abuses with Pegasus. The company did not specify which clients were affected by this decision.
- In August 2021, Apple released an urgent security update for its devices after discovering a zero-click exploit that allowed Pegasus to infect iPhones without any user interaction. The exploit, called FORCEDENTRY, was used by NSO Group to target activists, journalists and lawyers around the world. Apple urged its users to install the update as soon as possible to protect themselves from Pegasus.
- In July 2021, the French government launched an investigation into the alleged spying on President Emmanuel Macron and other senior officials by Morocco using Pegasus. Morocco denied any involvement in the spying and sued Amnesty International and Forbidden Stories for defamation. France also summoned the Israeli ambassador to Paris to demand explanations about NSO Group’s activities.
- In July 2021, the Israeli government formed a task force to review the allegations against NSO Group and its export licenses. The task force included representatives from the defense, justice and foreign ministries, as well as from the Mossad and the Shin Bet. The task force was expected to report its findings within a few weeks.
These developments show that Pegasus spying has triggered legal, diplomatic and political reactions in different countries. They also show that Pegasus spying has exposed the vulnerabilities and the challenges of cybersecurity in the digital age.
Spyware with multiple detrimental impacts
Pegasus is not only a spyware with a high financial cost for its users, but it also entails, whether it is used legitimately or not, a human, social, political and environmental cost for its victims and society as a whole. It is difficult to precisely quantify the cost of the damages caused by the use of Pegasus due to numerous factors and variables that can vary across countries, sectors and periods. However, we can provide some rough estimates and examples to illustrate the scope and diversity of the impacts of the use of Pegasus.
Financial Cost
The financial cost of the damages inflicted by Pegasus can be measured on several fronts:
- Cost to Victims: Individuals spied on by Pegasus may suffer direct or indirect financial losses, stemming from breaches of their privacy, disclosure of personal or professional information, manipulation, or theft of their financial or tax-related data. For example, a journalist might lose their job or credibility due to information revealed by Pegasus; a lawyer could lose a lawsuit or a client due to a disclosed strategy, and an activist might lose funding or security due to an exposed campaign.
- Cost to Businesses: Companies targeted by Pegasus may face direct or indirect financial losses related to intellectual property violation, unfair competition, industrial espionage, corruption, and more. For instance, a business could lose a contract or market share because of exposed bids; its reputation and trustworthiness could suffer due to a Pegasus-related scandal, and its competitiveness and profitability could diminish from a compromised trade secret.
- Cost to States: Nations subject to Pegasus espionage may experience direct or indirect financial losses tied to sovereignty violations, threats to national security, interference in domestic and foreign affairs, among others. An example includes a country’s stability or legitimacy being jeopardized due to a Pegasus-facilitated coup; a nation losing influence or alliances because of negotiations undermined by Pegasus; or a state’s development or environment suffering from a Pegasus-sabotaged project.
Geopolitical Cost
The geopolitical cost of Pegasus-induced damages can be measured on various fronts:
- Cost to International Relations: The use of Pegasus by some states to spy on others can lead to diplomatic tensions, armed conflicts, economic sanctions, and cooperation ruptures. For example, the espionage of French President Emmanuel Macron by Morocco triggered a crisis between the two nations; spying on Indian Prime Minister Narendra Modi by China escalated their border dispute, and Israeli espionage of Iranian President Hassan Rouhani compromised the nuclear agreement between the two countries.
- Cost to International Organizations: Pegasus’ deployment by certain states to spy on international organizations can result in violations of international law, human rights abuses, and hindrances to multilateralism. For instance, spying on UN Secretary-General Antonio Guterres by the United States undermined the organization’s independence and impartiality. Similarly, espionage targeting the International Criminal Court by Israel threatened international justice and peace, while spying on the World Health Organization by China disrupted pandemic management.
Economic Cost
The economic cost of the damages caused by Pegasus can be assessed across different dimensions:
- Cost to Economic Growth: The use of Pegasus by certain states or private actors to spy on other states or private actors can lead to market distortions, productivity losses, capital flight, and offshoring. For example, the espionage targeting the airline company Emirates by Qatar reduced its competitiveness and profitability. Similarly, spying on the oil company Petrobras by the United States triggered an economic and political crisis in Brazil. Additionally, spying on Mexico’s central bank by Venezuela facilitated money laundering and terrorism financing.
- Cost to Innovation: The utilization of Pegasus by certain states or private actors to spy on other states or private actors can result in patent theft, counterfeiting, hacking, and cyberattacks. For instance, spying on pharmaceutical company Pfizer by China allowed the latter to replicate its COVID-19 vaccine. Simultaneously, espionage against technology giant Apple by North Korea enabled the creation of its smartphone. Furthermore, spying on space company SpaceX by Russia allowed the latter to sabotage its launches.
Human, Social, and Environmental Cost
The human, social, and environmental cost of Pegasus-induced damages can be measured across several aspects:
- Cost to Human Rights: The use of Pegasus by certain states or private actors to spy on vulnerable individuals or groups can result in violations of the right to life, freedom, security, dignity, and more. For example, the spying on journalist Jamal Khashoggi by Saudi Arabia led to his assassination. Similarly, espionage targeting activist Edward Snowden by the United States led to his exile. Additionally, the espionage of dissident Alexei Navalny by Russia resulted in his poisoning.
- Cost to Democracy: The deployment of Pegasus by certain states or private actors to spy on political or social actors can lead to infringements on pluralism, transparency, participation, representativeness, and more. For instance, spying on French President Emmanuel Macron by Russia attempted to influence the 2017 French presidential election. Similarly, spying on the Yellow Vest movement by Morocco aimed to weaken the French social movement in 2018. Additionally, espionage against President Joe Biden by Iran sought to infiltrate his transition team in 2020.
- Cost to the Environment: The use of Pegasus by certain states or private actors to spy on organizations or individuals committed to environmental protection can result in damage to biodiversity, climate, natural resources, and more. For example, spying on Greenpeace by Japan hindered its efforts against whale hunting. Similarly, espionage against the WWF by Brazil facilitated deforestation in the Amazon. Additionally, the spying on climate activist Greta Thunberg by Russia aimed to discredit her climate movement.
- Cost to Intangibles: The use of Pegasus by certain states or private actors to spy on individuals or groups with symbolic, cultural, moral, or spiritual value can result in losses of meaning, trust, hope, or faith. For instance, espionage against Pope Francis by Turkey undermined his moral and religious authority. Similarly, spying on the Dalai Lama by China compromised his spiritual and political status. Additionally, the espionage of Nelson Mandela by South Africa tarnished his historical and humanitarian legacy.
The Risk of Diplomatic Conflict Arising from Pegasus
The utilization of Pegasus by some states to spy on others can give rise to the risk of diplomatic conflict, which can have severe consequences for international peace and security. The likelihood of diplomatic conflict depends on several factors, including:
- Intensity and Duration of Espionage: The more extensive and prolonged the espionage, the more likely it is to provoke a strong and lasting reaction from the spied-upon state.
- Nature and Status of Targets: More important and sensitive targets are more likely to trigger a strong and immediate reaction from the spied-upon state. For instance, spying on a head of state or a minister is more serious than spying on a bureaucrat or diplomat.
- Relationship and Context Between States: States with tense or conflictual relationships are more likely to provoke a strong and hostile reaction from the spied-upon state. For instance, espionage between rival or enemy states is more serious than espionage between allied or neutral states.
The risk of diplomatic conflict can manifest at various levels:
- Bilateral Level: This is the most direct and frequent level, where two states clash due to espionage. Possible reactions include official protests, summoning or expelling an ambassador, breaking or freezing diplomatic relations, etc.
- Regional Level: This level involves a state seeking support from its neighbors or regional partners to bolster its position or condemn the espionage. Possible reactions include joint declarations, collective resolutions, economic or political sanctions, etc.
- International Level: At this level, a state calls upon international organizations or global actors to support its position or condemn the espionage. Possible reactions include referring the matter to an international court, resolutions by the UN Security Council, humanitarian or military sanctions, etc.
The risk of diplomatic conflict can have various consequences:
- Political Consequences: It can lead to a deterioration or rupture of relations between the involved states, a loss of credibility or legitimacy on the international stage, internal political instability or crisis, etc.
- Economic Consequences: It can result in reduced or suspended trade between the involved states, a loss of competitiveness or growth, capital flight or frozen investments, etc.
- Social Consequences: It can lead to increased or exacerbated tensions or violence among the populations of the involved states, a loss of trust or solidarity, a rise or reinforcement of nationalism or extremism, etc.
Conclusion
Pegasus exacts a high financial, human, social, political, and environmental toll on its users, victims, and society at large. Precisely quantifying the cost of the damages it inflicts is challenging due to numerous factors, but we have provided estimates and examples to illustrate its wide-ranging impacts.
Additionally, Pegasus introduces the risk of diplomatic conflicts between states using it and those falling victim to its surveillance. The likelihood and consequences of such conflicts depend on factors such as the intensity and duration of espionage, the nature and status of targets, and the relationship between states. These conflicts can occur at bilateral, regional, or international levels and may have political, economic, or social repercussions.
We hope this article has informed and engaged you regarding Pegasus and its costs. To delve deeper into this topic, you can refer to the sources we used for this article, listed below, or use my web search tool to find more information on Pegasus.
Sources
In crafting this article, we have drawn upon a selection of reputable and verified web sources. Our sources are chosen for their commitment to presenting facts objectively and respecting the presumption of innocence.
The sources used for estimating the cost of Pegasus are derived from the following newspaper articles:
-
- According to the French Le Monde, Saudi Arabia targeted about 15,000 phone numbers with Pegasus.
- The American The Washington Post reported that Saudi Arabia started using Pegasus in 2018.
- The British The Guardian stated that Azerbaijan aimed at about 5,000 phone numbers with Pegasus.
- As per the American The Washington Post, Azerbaijan began using Pegasus in 2019.
- In the case reported by the French Le Monde, Bahrain focused on about 3,000 phone numbers with Pegasus.
- Mentioned in the American The Washington Post, Bahrain initiated Pegasus use in 2020.
- As disclosed by the British The Guardian, Kazakhstan directed attention towards approximately 1,500 phone numbers with Pegasus.
- According to the American The Washington Post, Kazakhstan commenced Pegasus usage in 2021.
- According to claims made by the Mexican Aristegui Noticias, Mexico targeted about 15,000 phone numbers with Pegasus.
- As reported by the American The Washington Post, Mexico began Pegasus use in 2020.
- As detailed in the French Le Monde, Morocco focused on about 10,000 phone numbers with Pegasus.
- Confirmed by the Canadian organization Citizen Lab, Morocco initiated Pegasus usage in 2016.
- According to findings reported by the British The Guardian, Rwanda honed in on around 3,500 phone numbers with Pegasus.
- As indicated by the American The Washington Post, Rwanda started Pegasus usage in 2019.
- In the report from the French Le Monde, Hungary aimed at about 300 phone numbers with Pegasus.
- As conveyed by the Hungarian Direkt36, Hungary initiated Pegasus use in 2018.
- As outlined in the Indian The Wire, India directed attention towards approximately 1,000 phone numbers with Pegasus.
- According to the British The Guardian, India began Pegasus use in 2019.
- According to the information provided by the French Le Monde, the United Arab Emirates honed in on around 10,000 phone numbers with Pegasus.
- Confirmed by the Canadian organization Citizen Lab, the United Arab Emirates started Pegasus usage in 2016.